Google Play app with 100 million downloads executed secret user data

The dangers of Google Play can be seen again when an app with 100 million downloads was discovered, which contained a harmful component, with the secret user data on infected Android Devices were downloaded.

Throughout most of his life, CamScanner was a legitimate app that provided useful document scanning and management capabilities, researchers at Kaspersky Lab told anti-virus vendors Tuesday. To earn money, the developers showed ads and offered in-app purchases.

At some point things changed. The app has been updated to add an ad library that contained a malicious module. This component, known as the Trojan Dropper, has regularly downloaded encrypted code from a developer-specified server at https://abc.abcdserver [.] com and has decrypted and executed it on infected devices. The module, which Kaspersky Lab researchers called Trojan-Dropper.AndroidOS.Necro.n, could be downloaded and run by developers at any time. The researchers said they have already found Trojan-Dropper.AndroidOS.Necro.n in apps preinstalled on some cell phones sold in China.

"The Trojan-Dropper.AndroidOS.Necro.n functions described above are executed The main task of the malware is to download and start a payload from malicious servers," said a separate article by Kaspersky Lab. "As a result, module owners can use an infected device in their favor in any way, from displaying the victim's intrusive ads to stealing money from their mobile account by billing paid subscriptions."

The incident underscores the challenge for Android users looking for useful apps. Google scanners can not capture everything, especially when developers inject malicious or unethical code into apps that have already passed the initial checks. The result: There's no easy way to make sure an app is secure. This reality is disappointing as Google has made great strides in securing newer versions of Android.

One way to review apps is to read reviews from other users. Kaspersky Lab researchers said the negative feedback from the past month indicated that there were unwanted features in CamScanner. And of course, users should always check the permissions an app requires. Access to the microphone, camera, contacts, location data, or phone app can often be an indication that something is wrong, but not always. Often apps need this access for legitimate reasons. For example, CamScanner would obviously need access to the camera to work as advertised. It can often be helpful to look for apps from known developers whenever possible.

Ultimately, the best strategy is to just install the apps that are really useful and uninstall apps that have not been used for some time. The practicality and effectiveness of this guide is by no means ideal, but unfortunately this is the current security status for Android apps.